Monitoring Windows Devices


This document describes how you can monitor devices running Microsoft Windows using a predefined template. This template can address:

  • Memory usage
  • CPU load
  • Disk usage
  • Service states
  • Running processes
  • Event logs (Application or system)
  • etc.


Publicly available services that are provided by Windows machines (“HTTP”, “FTP”, “POP3”, etc.) can be monitored by following the documentation on Monitoring publicly available services (HTTP, FTP, SSH, etc.).

The instructions assume that you’ve installed Shinken according to the Installation tutorial. The sample configuration entries below reference objects that are defined in the sample config files (“commands.cfg”, “templates.cfg”, etc.) that were installed if you followed the quickstart.


Monitoring a Windows device is possible using two different methods:
  • Agent: by installing software such as NSClient++
  • Agentless: by polling via the network using the WMI protocol

This document focuses on the agentless method. The agent-based method is described in Windows monitoring with NSClient++.


Have a valid account on the Microsoft Windows device (local or domain account) you will monitor using WMI queries.


There are several steps you’ll need to follow in order to monitor a Microsoft Windows device.

  • Install check_wmi_plus plugin
  • Set up an account on the server for the WMI queries
  • Declare your windows host in the configuration
  • Restart the Shinken Arbiter

What’s Already Been Done For You

To make your life a bit easier, configuration templates are provided as a starting point:

  • A selection of check_windows based command definitions have been added to the “commands.cfg” file. This allows you to use the check_wmi_plus plugin.
  • A Windows host template (called “windows”) is included in the “templates.cfg” file. This allows you to add new Windows host definitions in a simple manner.

The above-mentioned config files can be found in the /etc/shinken/packs/os/windows/ directory. You can modify the definitions in these and other templates to suit your needs. However, wait until you’re more familiar with Shinken before doing so. For the time being, just follow the directions outlined below and you will be monitoring your Windows devices in no time.

Set up the check_wmi_plus plugin

The plugin used for agentless Windows monitoring is check_wmi_plus. To install it, run the following as root on your Shinken server:

./install -p check_wmi_plus

(install is an executable script in the git repository, the previous name was

Set up a Windows account for WMI queries

TODO: write on using less than server admin

You need to configure your user account in the /etc/shinken/resources.cfg file, or the c:\shinken\etc\resource.cfg file under Windows, with the one you just configured:


Declare your host in Shinken

Now it’s time to define some object definitions in your Shinken configuration files in order to monitor the new Windows device.

We will assume that your server is named srv-win-1. Replace this with the real hostname of your server.

You can add the new host definition to an existing configuration file, but it is good practice to have one file per host, as it will be easier to manage in the future. So create a file with the name of your server.

Under Linux:

linux:~ # vi /etc/shinken/hosts/srv-win-1.cfg

Or Windows:

c:\> wordpad c:\shinken\etc\hosts\srv-win-1.cfg

You need to add a new host definition for the Windows device that you will monitor. Just copy/paste the definition below and change the “host_name” and “address” fields to appropriate values.

define host{
    use         windows
    host_name   srv-win-1
    address     <IP address or hostname of srv-win-1>
}

  • use windows is the “template” line. This host will inherit properties from the windows template.
  • host_name is the object name of your host. It must be unique.
  • address is the IP address or hostname of your host (FQDN or just the host portion).

Note: If you use a hostname, be aware that you will have a DNS dependency in your monitoring system. Either keep a periodically updated local hosts file with all relevant entries, use long caching, or use an IP address.
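The rules above (a unique host_name, an address on every host, and the DNS dependency that a hostname address introduces) can be checked before Shinken is restarted. The following is an added example, not part of Shinken or of the original page; the function names and the sample definitions are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample input: a duplicate host_name, a hostname address, a missing address.
SAMPLE_CFG = """
define host{
    use        windows
    host_name  srv-win-1
    address    192.0.2.10
}
define host{
    use        windows
    host_name  srv-win-2
    address    srv-win-2.example.test  ; resolved through DNS
}
define host{
    use        windows
    host_name  srv-win-1
}
"""

def parse_hosts(text):
    """Return one {directive: value} dict per 'define host{...}' block."""
    hosts = []
    for body in re.findall(r"define\s+host\s*\{(.*?)\}", text, re.S):
        entry = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()      # drop inline comments
            if line and not line.startswith("#"):     # skip blank/comment lines
                key, *rest = line.split(None, 1)
                entry[key] = rest[0] if rest else ""
        hosts.append(entry)
    return hosts

def lint_hosts(hosts):
    """Flag duplicate host_name, missing address, and DNS-dependent addresses."""
    findings, seen = [], set()
    for h in hosts:
        name = h.get("host_name", "<unnamed>")
        if name in seen:
            findings.append((name, "duplicate host_name"))
        seen.add(name)
        addr = h.get("address", "")
        if not addr:
            findings.append((name, "missing address"))
        else:
            try:
                ipaddress.ip_address(addr)            # literal IP: no DNS lookup needed
            except ValueError:
                findings.append((name, "hostname address (DNS dependency)"))
    return findings
```

To lint real files, concatenate the contents of the per-host .cfg files and pass the text to parse_hosts, then hand the result to lint_hosts.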

What is checked by the windows template?

You have configured your host to be checked by the windows template. What does it mean? It means that you get some checks already configured for you:
  • host check every 5 minutes with a ping
  • check disk space
  • check if autostarting services are started
  • check CPU load (total and each CPU)
  • check memory and swap usage
  • check for a recent (less than one hour) reboot
  • critical/warning errors in the application and system event logs
  • too many inactive RDP sessions
  • CPU hog processes

Restarting Shinken

You’re done with modifying the Shinken configuration, so you’ll need to verify your configuration files and restart Shinken.

If the verification process produces any error messages, fix your configuration file before continuing. Make sure that you don’t (re)start Shinken until the verification process completes without any errors!
